Apple has released iOS 14.8 for eligible iPhones today. This is one of those unglamorous security updates that doesn’t appear to add much on the surface but actually closes some critical security gaps, and it’s critical that you install it as soon as possible.
The iOS 14.8 update patches vulnerabilities in CoreGraphics and WebKit, which Apple claims have been exploited.
iOS 14.8 is out, and it's security fixes, including one that was reported by @citizenlab — which said in August that it found zero-click NSO Group attacks on Bahraini activists using current iPhones https://t.co/3DxeKVtuLi pic.twitter.com/HVG6JbvyeE— kif (@kifleswing) September 13, 2021
The Citizen Lab originally found the CoreGraphics flaw, which they characterized as a zero-click iMessage exploit by the NSO Group, the firm behind the infamous malware Pegasus, which was recently in the news. The exploit is suspected of having been used to hack Bahraini activists using Pegasus.
Given the update’s nature, it’s probably in everyone’s best interests to get it installed as soon as possible. All iPhone models, including and newer than the iPhone 6s, are eligible for the upgrade.
In addition, the update is compatible with iPads (Air 2 and newer), iPod touches, macOS Big Sur 11.6, macOS Catalina, and watchOS 7.6.2.